Mozilla Foundation Security Advisory 2014-05
Information disclosure with *FromPoint on iframes
- Announced: February 4, 2014
- Reporter: Jordan Milne
- Impact: Moderate
- Products: Firefox, SeaMonkey
- Fixed in:
  - Firefox 27
  - SeaMonkey 2.24

Description
Security researcher Jordan Milne reported an information leak in which the document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information about the iframe's DOM and other attributes through a timing attack, violating the same-origin policy.

In general this flaw cannot be exploited through email in the SeaMonkey product because scripting is disabled in mail, but it is potentially a risk in browser or browser-like contexts.